By now most people are familiar with the term phishing. Merriam-Webster dates the first use of the term back to 1986 and credits the “ph” spelling to its similarity to the earlier word phreaking, meaning “fraudulently using an electronic device to avoid paying for telephone calls” (possibly a shortening of “phone freak”). Not every email in your inbox is a phishing attempt, but it’s worth learning how to tell the difference to avoid getting hooked. It’s time to learn the SLAM method.
What is phishing exactly?
Phishing, or spear phishing, is an attempt via email to take advantage of the recipient. The goal, says the Office of the Director of National Intelligence (DNI) on its website, “is to acquire sensitive data such as usernames, passwords, and other personal information.” This may be done by sending fake emails that appear to be from people you know or who otherwise seem legitimate. Once you open the emails, you may easily be enticed to click on links or open attachments, prompting “malicious software [to] run which could compromise the security posture of the host,” says the DNI.
How do you know?
Here is a simple mnemonic that can help you identify the common indicators of phishing emails: SLAM.
S – sender
L – links
A – attachments
M – message
Always look at the sender of any email you receive. Check to make sure both the domain name (the name after the “@” sign) and the name of the sender make sense to you. For instance, if you are receiving an email from a school, the domain name should end in @schoolname.edu. Also, beware of misspellings and subtly altered names of people or companies you might be expecting emails from (e.g. HomeDeepot.com).
Links are a common way for cybercriminals to trick you into going to their websites or even downloading malware onto your device. Bad links can be hidden in “click here” icons or any other buttons. Hover your mouse over a link without clicking on it and you’ll be able to see the link’s actual URL and destination. Check to see if it matches the content of the email.
Attachments are another way that scammers can infect your device with malware or obtain your personal information. Always be careful when opening email attachments and consider verifying the sender through another method first (like sending them a separate email using a known email address).
The content of the message itself may be another tip-off of a phishing attempt. Often, a scammer’s email will use urgent phrasing like “Act now” or “Open immediately.” Language like this is intended to manipulate or pressure you to click on links or open attachments. Be wary as well of unusual phrasing, spelling errors, over-friendly, or stilted language. These can all be red flags that someone other than who you expect is sending the email.
How can I protect myself from getting scammed?
- When looking through your inbox, be sure to consider all four letters of the SLAM method: Sender; Links; Attachments; and Message.
- When in doubt, don’t click on any links or open any attachments.
- Check out some more tips on preventing phishing from the Cybersecurity & Infrastructure Security Agency.
- Report phishing attempts or file a complaint with the Internet Crime Complaint Center.
- Find out how to protect yourself against ransomware.